CLAIMS



1. (currently amended) A method of limiting unauthorized network requests, 
comprising the steps of: 

identifying entities legitimately entitled to service, wherein an entity 
comprises a user id-client pair, said user id-client pair comprising an individual 
user-machine combination; 

establishing said identified entities as trusted entities by, during a first
session, issuing a trust token for each entity successfully authenticating to said 
network service, said trust token comprising a data object that includes a client 
identifier, said client identifier comprising at least one client-originated item of 
data that uniquely identifies the client machine, wherein said user ID-client pair 
represents a unique entity; 

storing said issued trust token on said client machine;

in sessions subsequent to said first session, transmitting with a network 
request from a trusted entity said stored issued trust token along with said user 
ID, authentication credentials, and client identifier from said client machine to 
said network service; 

determining whether each request is a trusted or an untrusted login;

processing said request from said trusted entity requests from said trusted
entities according to a first policy; and

responsive to a determination that a request is from an untrusted entity,
said untrusted entity comprising an entity lacking a valid trust token:

processing remaining requests said request from said untrusted entity
according to at least a second policy;

wherein processing remaining a request[[s]] according to at least a second
policy comprises adding a specified amount of incremental response latency
when processing requests from untrusted entities logins, wherein untrusted
logins comprise successful and unsuccessful logins from entities determined to
lack a trust token.

Claims 2-3. (cancelled)

4. (previously presented) The method of claim 1, wherein entities legitimately
entitled to service comprise entities previously able to successfully authenticate 
to a network service. 

5. (original) The method of claim 4, wherein said network service comprises 
a server. 

Claims 6 - 7. (cancelled) 

8. (previously presented) The method of claim 1, said data object including: 
said user ID or a derivative thereof. 

9. (original) The method of claim 8, wherein said derivative comprises a 
cryptographic hash of the user ID. 

10. (original) The method of claim 8, wherein said data object further includes 
any of: a time stamp of first authentication to said network service by said entity; 
and a time stamp of a most recent authentication to said network service by said 
entity. 

11. (cancelled)

12. (previously presented) The method of claim 1, said client identifier 
comprising any of: a client identifier assigned by said network service; and a 
client identifier provided by the client. 

13. (previously presented) The method of claim 1, further comprising a step of
encrypting said trust token.

14. (original) The method of claim 13, further comprising the step of:
transmitting said trust token from said network service to said client upon 
successful authentication to said network service by said entity. 

15. (original) The method of claim 14, wherein said step of transmitting said 
trust token occurs via a secure channel. 

16. (original) The method of claim 15, wherein said secure channel comprises 
a network connection secured via the SSL (secure sockets layer) protocol. 

Claims 17-18. (cancelled) 

19. (previously presented) The method of claim 1, wherein said step of 
transmitting said stored, issued trust token occurs via a secured channel. 

20. (original) The method of claim 19, wherein said secured channel 
comprises a network connection secured via the SSL (secure sockets layer) 
protocol. 

21. (original) The method of claim 12, further comprising a step of storing said 
issued trust token in a server side database, indexed according to a combination 
of user ID and client identifier. 

22. (original) The method of claim 21, further comprising the step of: 
transmitting said client identifier assigned by said network service from said 
network service to said client upon successful authentication to said network 
service by said entity. 

23. (original) The method of claim 22, wherein said step of transmitting said 
client identifier assigned by said network service occurs via a secure channel.

24. (original) The method of claim 22, said secure channel comprising a
network connection secured via the SSL (secure sockets layer) protocol. 

25. (original) The method of claim 21, further comprising the steps of: 
transmitting said user ID and client identifier to said server; and retrieving said 
stored trust token from said database. 

26. (original) The method of claim 21, wherein said server side database 
serves a plurality of services. 

27. (previously presented) The method of claim 1, wherein processing 
requests from said trusted entities according to a first policy comprises the steps 
of: 

validating said trust token; and 

processing request without adding incremental response latency. 

28. (original) The method of claim 27, wherein said step of validating said trust 
token comprises the step of: 

verifying that the user ID and a client identifier in the trust token match 
those presented by the client on the request. 

29. (previously presented) The method of claim 28, wherein said step of 
validating said trust token further comprises any of the steps of: 

verifying that a time stamp of a first authentication by the entity recorded in 
the trust token is no earlier than a specified earliest acceptable first- 
authentication time stamp; and 

verifying that a time stamp of a last authentication by the entity recorded in 
the trust token is no earlier than a specified earliest acceptable last- 
authentication time stamp. 
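
An added example, not part of the application, showing the token handling recited in claims 1, 8-10 and 27-29: issuing a token for a user ID-client pair, validating it, and choosing the added latency. Assumptions: the token is authenticated with HMAC-SHA256 rather than encrypted as in claim 13, and the key, JSON field names, function names and 2-second delay are all constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

SERVER_KEY = b"constructed-demo-key"   # assumption: secret held only by the service
UNTRUSTED_LATENCY_S = 2.0              # assumption: the "specified amount" of delay


def _uid_hash(user_id):
    # Claim 9: the token carries a cryptographic hash of the user ID.
    return hashlib.sha256(user_id.encode()).hexdigest()


def issue_token(user_id, client_id, now, first_auth=None):
    """Issue (or refresh) a token after a successful authentication."""
    claims = {"uid": _uid_hash(user_id), "cid": client_id,
              "first": now if first_auth is None else first_auth, "last": now}
    body = json.dumps(claims, sort_keys=True).encode()
    tag = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(body).decode() + "."
            + base64.urlsafe_b64encode(tag).decode())


def validate_token(token, user_id, client_id, min_first, min_last):
    """Claims 28-29: match the presented pair, then check both time stamps."""
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except (AttributeError, ValueError):
        return False  # missing or malformed token
    expected = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False  # forged or altered token
    claims = json.loads(body)
    if claims["uid"] != _uid_hash(user_id) or claims["cid"] != client_id:
        return False  # issued to a different user ID-client pair
    return claims["first"] >= min_first and claims["last"] >= min_last


def added_latency(token, user_id, client_id, min_first=0, min_last=0):
    """First policy: no added delay. Second policy: fixed delay when untrusted."""
    trusted = validate_token(token, user_id, client_id, min_first, min_last)
    return 0.0 if trusted else UNTRUSTED_LATENCY_S
```

Raising `min_first` or `min_last` on the server invalidates every token issued or last refreshed before that time, which is how the time-stamp checks of claim 29 act as a bulk revocation control.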

Claims 30-31. (cancelled)

32. (previously presented) The method of claim 1, wherein response latency is
added to a specified percentage of successful untrusted logins. 

33. (previously presented) The method of claim 1, wherein processing 
remaining requests according to at least a second policy comprises adding a 
specified amount of incremental response latency when processing requests 
from untrusted IP addresses that have exceeded a configurable login rate. 

34. (previously presented) The method of claim 1, wherein processing 
remaining requests according to at least a second policy comprises requiring an 
untrusted entity to complete a Turing test. 

35. (original) The method of claim 1, wherein said policies are applied by a
server. 

36. (original) The method of claim 35, wherein said server applies rate policies 
for a plurality of network devices. 

37. (original) The method of claim 6, further comprising the step of: 
updating said trust token after a login by a trusted entity. 

38. (currently amended) A computer program product comprising computer 
readable code means embodied on a tangible medium, said computer readable 
code means comprising code for performing a method of limiting unauthorized 
network requests, said method comprising the steps of: 

identifying entities legitimately entitled to service, wherein an entity 
comprises a user id-client pair, said user id-client pair comprising an individual 
user-machine combination; 

establishing said identified entities as trusted entities by, during a first
session, issuing a trust token for each entity successfully authenticating to said
network service, said trust token comprising a data object that includes a client
identifier, said client identifier comprising at least one client-originated item of 
data that uniquely identifies the client machine, wherein said user ID-client pair 
represents a unique entity; 

storing said issued trust token on said client machine;

in sessions subsequent to said first session, transmitting with a network 
request from a trusted entity said stored issued trust token along with said user 
ID, authentication credentials, and client identifier from said client machine to 
said network service; 

determining whether each request is a trusted or an untrusted login;

processing said request from said trusted entity requests from said trusted
entities according to a first policy; and

responsive to a determination that a request is from an untrusted entity,
said untrusted entity comprising an entity lacking a valid trust token;

processing remaining requests said request from said untrusted entity
according to at least a second policy;

wherein processing remaining a request[[s]] according to at least a second
policy comprises adding a specified amount of incremental response latency
when processing requests from untrusted entities logins, wherein untrusted
logins comprise successful and unsuccessful logins from entities determined to
lack a trust token.

Claims 39 - 40. (cancelled) 

41. (previously presented) The method of claim 38, wherein entities 
legitimately entitled to service comprise entities able to successfully authenticate 
to a network service. 

42. (original) The method of claim 41, wherein said network service comprises 
a server. 






Application ser. no 10/759,596 

Claims 43 - 44. (cancelled). 

45. (previously presented) The method of claim 38, said data object including: 
said user ID or a derivative thereof. 

46. (original) The method of claim 45, wherein said derivative comprises a 
cryptographic hash of the user ID. 

47. (original) The method of claim 45, wherein said data object further 
includes any of: a time stamp of first authentication to said network service by 
said entity; and a time stamp of a most recent authentication to said network 
service by said entity. 

48. (cancelled) 

49. (previously presented) The method of claim 38, said client identifier 
comprising any of: a client identifier assigned by said network service; and a 
client identifier provided by the client. 

50. (original) The method of claim 45, further comprising the step of: 
encrypting said trust token. 

51. (original) The method of claim 50, further comprising a step of: 
transmitting said trust token from said network service to said client upon 
successful authentication to said network service by said entity. 

52. (original) The method of claim 51, wherein said the step of: transmitting 
said trust token occurs via a secure channel.

53. (previously presented) The method of claim 52, wherein said secure
channel comprises a network connection secured via the SSL (secure sockets 
layer) protocol. 

Claims 54 - 55. (cancelled) 

56. (previously presented) The method of claim 38, wherein said step of 
transmitting said stored, issued trust token occurs via a secured channel. 

57. (original) The method of claim 56, wherein said secured channel 
comprises a network connection secured via the SSL (secure sockets layer) 
protocol. 

58. (original) The method of claim 50, further comprising the step of: storing 
said issued trust token in a server side database, indexed according to a 
combination of user ID and client identifier. 

59. (original) The method of claim 58, further comprising the step of: 
transmitting said client identifier assigned by said network service from said 
network service to said client upon successful authentication to said network 
service by said entity. 

60. (original) The method of claim 59, wherein said step of transmitting said 
client identifier assigned by said network service occurs via a secure channel. 

61. (original) The method of claim 59, said secure channel comprising a 
network connection secured via the SSL (secure sockets layer) protocol. 

62. (original) The method of claim 58, further comprising the steps of: 
transmitting said user ID and client identifier to said server; and retrieving said
stored trust token from said database.

63. (original) The method of claim 58, wherein said server side database
serves a plurality of services. 

64. (previously presented) The method of claim 38, wherein processing 
requests from said trusted entities according to a first policy comprises the steps 
of: validating said trust token; and processing without adding incremental 
response latency. 

65. (original) The method of claim 64, wherein said step of validating said trust 
token comprises the step of: verifying that the user ID and a client identifier in the 
trust token match those presented by the client on the request. 

66. (previously presented) The method of claim 65, wherein said step of 
validating said trust token further comprises any of the steps of: verifying that a 
time stamp of a first authentication by the entity recorded in the trust token is no 
earlier than a specified earliest acceptable first-authentication time stamp; and 
verifying that a time stamp of a last authentication by the entity recorded in the 
trust token is no earlier than a configurable earliest acceptable last-authentication 
time stamp. 

Claims 67-68. (cancelled)

69. (previously presented) The method of claim 38, wherein response latency 
is added to a specified percentage of successful logins. 

70. (previously presented) The method of claim 38, wherein processing 
remaining requests according to at least a second policy comprises adding a 
specified amount of incremental response latency when processing requests 
from IP addresses that have exceeded a configurable login rate.

71. (previously presented) The method of claim 38, wherein processing
remaining requests according to at least a second policy comprises requiring an 
untrusted entity to complete a Turing test. 

72. (original) The method of claim 39, wherein said policies are applied by a 
server. 

73. (original) The method of claim 72, wherein said server applies rate policies 
for a plurality of network devices. 

74. (previously presented) The method of claim 38, further comprising the 
step of: updating said trust token after a login by a trusted entity. 

Claims 75-94. (cancelled) 